Hostname not verified when decorating Gitlab Merge Requests

  • SonarQube version 8.3.1
  • SonarQube will not decorate Merge Requests due to Gitlab having a self signed SSL certificate.

java.lang.IllegalStateException: Hostname <GitLab Hostname> not verified:

We are unable to give it anything other than a self signed certificate in our environment. Is there a way that we can disable SSL verification for the MR decoration?

Sonarqube works fine otherwise.

Hi, no you can’t turn off the SSL verification. What you can do is generate a valid, self-signed SSL certificate that includes the hostname and aliases. More specifically, you need to add the X509v3 Subject Alternative Name extension to your certificate.

Hi Pierre,

I’ve created a SAN certificate and added it to the keystore, however the issue still remains. I’m thinking that Sonar is not reading the new certificate and still giving the same error. Do you have any other suggestions?